• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.309-327
• /
• 2022

As ICT convergence is progressing in all industrial fields and creating the global ecosystem of the supply chain is accelerating, supply chain risk related with cyber area are also increasing. In particular. the supply chain of ICT products is very complex in terms of technical and environmental factors to be managed, so it is vert difficult to transparently manage the entire life cycle. Accordingly, the US, UK, and EU, etc. are conducting and establishing cyber supply chainsecurity-related research and policies for ICT product supply chains. Korea also has the plan to establish management system to secure the supply chain of major ICT equipment as a task in the basic plan of the national cybersecurity strategy announced in 2019, but there is no concrete policy yet. So, In this paper, we review the cyber supply chain security management system in the United States and present a supplementary way to the National Information Security Manual in Korea from the perspective of cyber supply chain security. It is expected that this will serve as a reference material for cyber supply chain measures that can be introduced in domestic information security field.

• Review of KIISC
• /
• v.13 no.3
• /
• pp.38-49
• /
• 2003

보안관리, 위험분석 및 PP의 개발 방법(또는 지침, 표준)을 개발하기 위해서는 공통적으로 자산, 위협 및 취약성의 분류체계, 평가기준 및 평가스케일을 정의해야한다. 본 논문에서는 이 분야의 각종 방법들로부터 분류체계, 평가기준 및 평가스케일을 조사 연구하였다. 본 결과는 새로운 방법을 개발할 때 활용될 수 있을 것이다.

• Review of KIISC
• /
• v.28 no.6
• /
• pp.25-32
• /
• 2018

국방과학기술 중 국가안보를 위해 보호해야 하는 기술을 방위산업기술로 정의하고 있다. 방위산업기술보호법의 대상기관은 보유 또는 연구개발 중인 방위산업기술을 식별한 후, 방위산업기술 정보를 적절한 보호등급으로 분류하여 보호하여야 한다. 이를 위해서는 국방과학기술 정보의 분류체계 국가 표준이 수립되어야 하지만 아직까지 분류체계가 정립되어 있지 않고 대상기관 별로 자체 내규로 정하도록 지침이 마련 중으로 향후 혼란을 야기할 수 있어 이에 대한 개선이 필요하다. 본 논문에서는 현행 국방과학기술 정보의 분류체계와 미국 국방부의 과학기술 정보의 분류체계를 비교하고 발전방향을 고찰해본다.

• Review of KIISC
• /
• v.22 no.8
• /
• pp.31-35
• /
• 2012

안전결제 시스템(ISP)의 사고 건수는 2007년 5천만원부터 2010년 1억7천만원, 최근인 2012년 1억 8천만원으로 증가하고 있다. 안전결제 시스템은 국내 최초의 PKI기반 전자서명방식을 적용한 신용카드 인터넷 결제서비스 이다. 안전결제 시스템에 대한 해킹사고가 국민에게 직접적인 금전 피해를 야기 시켜서 사고에 대한 취약점 분석 및 대응 지침에 관한 연구가 필요하다. 본 논문에서는 안전결제 시스템에 대해 정의하고 원리를 파악하여 취약점을 기술하고 분석하여 취약점에 따른 대응 지침을 연구한다. 아울러 국가와 국민의 사이버 안전을 보호하고, 국민들에게 보다 안전하고 편리하게 온라인 결제를 할 수 있도록 하는 연구가 될 것이며 미흡한 온라인 보안 강화를 위한 전자상거래법 개정안이 채택되는데 도움이 될 것이다.

• Convergence Security Journal
• /
• v.17 no.2
• /
• pp.101-107
• /
• 2017

Recent cyber attacks on South Korea, including hacking and viruses, are increasing significantly. To deal with the cyber invasion of cyber aggression, the Ministry of National Defense defined the necessary procedures for cyber security with guidelines for cyber security. In spite of, based on the analyses the cyber defense operations published, the number of violations are increasing. To address issues stated above, the safety check items should be reviewed and revised. This paper will revisit current safety check items and provide new guidelines to prevent cyber security breaches, which will provide more safe and efficient cyber environment.

• Convergence Security Journal
• /
• v.14 no.6_1
• /
• pp.13-21
• /
• 2014

It is needless to say that the port security is very important owing to the geographic setting of Korea and the possibility of the provocation by North Korea. In addition, The security management is necessary for the port and the domain of maritime to block the inflow from overseas because of the increase of international crime as terrorism. The training system for port security guard should be constructed to secure the specialization of the manpower for the efficient port security management. But the training system of port security manpower is not unified and the training is not carried out, therefore it is necessary to improve the training system of port security manpower. In this study, the improvement plan of training system is suggested as follows. First, the unification of the legislation of port security should achieved to establish the guidance of training for port security guard. Second, the specialized training per activities should be done. And lastly, the qualification system should be introduced for the specialization of port security manpower.

• Informatization Policy
• /
• v.30 no.4
• /
• pp.3-39
• /
• 2023

With the growing importance of information/information system, information security is emphasized, and the significance of information security audit as a tool for maintaining the proper security level is increasing as well. The objectives of the study are to identify the overall research trends and to propose future research areas by analyzing domestic and overseas research in the area. To achieve the objectives, 103 research papers were analyzed based on both general and subject-related criteria. The following are the major research results : In terms of research approach, more empirical studies are needed; For subject "Auditor," studies to develop a framework for related variables (e.g., capability) are needed; For subject "Audit Activities/Procedures," future research should focus on the process/results of detailed audit activities; Future domestic research for "Audit Areas" should look for the new technology/industry/security areas covered by foreign studies; For "Audit Objective/Impact," studies to define the variables (e.g., performance and quality) systematically and comprehensively are needed; For "Audit Standard/Guidelines," research on model/guideline needs to be continued.

• The Journal of Society for e-Business Studies
• /
• v.16 no.4
• /
• pp.87-96
• /
• 2011

The importance of the security management system for the aviation infrastructure cannot be overemphasized. What is especially important on the security management system for it is the assessment that is detaild and systematic. This article presents a framework based on a Hanulcha-type security management system model for a Information security of the Aviation infrastructure. This system checks, estimates and analyzes the goal of security with effect, especially in case of the security-accident on the aviation infrastructure because this system model gives the integrated security assessment method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.131-138
• /
• 2003

With the Internet winning a huge popularity, there rise urgent problems which are related to Network Security Managements such as Protecting Network and Communication from un-authorized user. Accordingly, Using Security equipments have been common lately such as Intrusion Detection Systems, Firewalls and VPNs. Those systems. however, operate in individual system which are independent to me another. Their usage are so limited according to their vendors that they can not provide a corporate Security Solution. In this paper, we present a Hierarchical Security Management Model which can be applicable to a Network Security Policies consistently. We also propose a Policy Negotiation Mechanism and a Prototype which help us to manage Security Policies and Negotiations easier. The results of this research also can be one of the useful guides to developing a Security Policy Server or Security Techniques which can be useful in different environments. This study also shows that it is also possible to improve a Security Characteristics as a whole network and also to support Policy Associations among hosts using our mechanisms.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.6
• /
• pp.143-152
• /
• 2016

Currently many central administrative agencies, municipalities and public and private institutions operate Managed security services to cope with cyber security incidents. These entities exert efforts in operating efficiencies rather than introduction of services as they used to. Accordingly, quite a few policies, directions and guidelines have been established for stable operation of Managed security services. Still, Managed security is operated by individuals, whose competencies influence the quality of Managed security services to a great extent. In this respect, the present article examines Managed security technology and methods and describes evaluation methods and examples relevant to human competencies, so as to seek for some potential courses for further development as well as more efficient approaches to human resource management in terms of institutional Managed security services.